Profile Management 2106

Profile Management policy descriptions and defaults

This topic describes the policies in the Profile Management .adm and .admx files, and the structure of the files. It also lists the default setting of each policy.

For more information about the policies, see Profile Management policies.

Sections in the .adm and .admx files

All Profile Management policies reside in the following sections:

Profile Management

Profile Management\Folder Redirection (User Configuration)

Profile Management\Profile handling

Profile Management\Advanced settings

Profile Management\Log settings

Profile Management\Registry

Profile Management\File system

Profile Management\File system\Synchronization

Profile Management\Streamed user profiles

Profile Management\Cross-platform settings

In the Group Policy Object Editor, most of the policies appear under Computer Configuration > Administrative Templates > Classic Administrative Templates > Citrix. Redirected folder policies appear under User Configuration > Administrative Templates > Classic Administrative Templates > Citrix.

In the Group Policy Editor, the policies appear under Computer Configuration unless a section is labeled User Configuration.

Profile Management

Enable Profile Management

By default, to facilitate deployment, Profile Management does not process logons or logoffs. Enable Profile Management only after carrying out all other setup tasks and testing how Citrix user profiles perform in your environment.

If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, Profile Management does not process Windows user profiles in any way.

Processed groups

Both computer local groups and domain groups (local, global, and universal) can be used. Domain groups must be specified in the format: DOMAIN NAME\GROUP NAME.

If this policy is configured here, Profile Management processes only members of these user groups. If this policy is disabled, Profile Management processes all users. If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, members of all user groups are processed.

Excluded groups

You can use computer local groups and domain groups (local, global, and universal) to prevent particular user profiles from being processed. Specify domain groups in the form DOMAIN NAME\ GROUP NAME.

If this setting is configured here, Profile Management excludes members of these user groups. If this setting is disabled, Profile Management does not exclude any users. If this setting is not configured here, the value from the .ini file is used. If this setting is not configured here or in the .ini file, no members of any groups are excluded.

Process logons of local administrators

Lets you specify whether Profile Management processes logons of members of the BUILTIN\Administrators group.

Citrix Virtual Apps environments are the typical use cases of multi-session operating systems. If this policy is disabled or not configured on multi-session operating systems, Profile Management processes logons by domain users but not by local administrators. Citrix Virtual Desktops environments are the typical use cases of single-session operating systems. On single-session operating systems, Profile Management processes local administrator logons.

Domain users with local administrator permissions are typically Citrix Virtual Desktops users with assigned virtual desktops. This policy allows those users to bypass any processing, log on, and troubleshoot the desktop that experiences problems with Profile Management.

Note: Domain users’ logons might be subject to restrictions imposed by group membership, typically to ensure compliance with product licensing. If this policy is disabled, Profile Management does not process logons by local administrators. If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, administrators are not processed.

Path to user store

Sets the path to the directory (the user store) in which the user settings (registry changes and synchronized files) are saved.

The path can be:

  • A path relative to the home directory. The home directory is typically configured as the #homeDirectory# attribute for a user in the Active Directory.
  • A UNC path. It typically specifies a server share or a DFS namespace.
  • Disabled or unconfigured. In this case, the assumed value is #homeDirectory#\Windows.

The following types of variables can be used for this policy:

  • System environment variables enclosed in percent signs (for example, %ProfVer%). System environment variables generally require extra setup.
  • Attributes of the Active Directory user object enclosed in hashes (for example, #sAMAccountName#).
  • Profile Management variables. For more information, see the Profile Management variables product document.

User environment variables cannot be used, except for %username% and %userdomain%. You can also create custom attributes to define organizational variables such as location or users fully. Attributes are case-sensitive.

Examples:

  • \server\share#sAMAccountName# stores the user settings to the UNC path \server\share\JohnSmith (if #sAMAccountName# resolves to JohnSmith for the current user)
  • \server\profiles$\%USERNAME%.%USERDOMAIN%!CTX_OSNAME!!CTX_OSBITNESS! might expand to \server\profiles$\JohnSmith.DOMAINCONTROLLER1\Win8x64

Important: Whichever attributes or variables you use, check that this policy expands to the folder one level higher than the folder containing NTUSER.DAT. For example, if this file is contained in \server\profiles$\JohnSmith.Finance\Win8x64\UPM_Profile, set the path to the user store as \server\profiles$\JohnSmith.Finance\Win8x64 (not the \UPM_Profile subfolder).

For more information on using variables when specifying the path to the user store, see the following topics:

  • Share Citrix user profiles on multiple file servers
  • Administer profiles within and across OUs
  • High availability and disaster recovery with Profile Management

If Path to user store is disabled, the user settings are saved in the Windows subdirectory of the home directory.

If this policy is disabled, the user settings are saved in the Windows subdirectory of the home directory. If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, the Windows directory on the home drive is used.

Migrate user store

Lets you specify the path to the directory of the user store that Profile Management used previously.

If this setting is configured, the user settings stored in the previous user store are migrated to the current user store.

The path can be an absolute UNC path or a path relative to the home directory.

In both cases, you can use the following types of variables:

  • System environment variables enclosed in percent signs
  • Attributes of the Active Directory user object enclosed in hash signs

Examples:

  • If %ProfileVer% is a system environment variable that resolves to W2K3, the folder Windows\%ProfileVer% stores the user settings in a subfolder called Windows\W2K3 of the user store.
  • If #SAMAccountName# resolves to JohnSmith for the current user, \\server\share\#SAMAccountName# stores the user settings to the UNC path \\server\share\<JohnSmith>.

In the path, you can use user environment variables except %username% and %userdomain%.

If this setting is disabled, the user settings are saved in the current user store.

If this setting is not configured here, the corresponding setting from the .ini file is used.

If this setting is not configured here or in the .ini file, the user settings are saved in the current user store.

Active write back

Lets you enable the active write back feature. With this feature enabled, Profile Management synchronizes files and folders that are modified on the local computer to the user store during a session, before logoff.

If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, it is enabled.

Active write back registry

Use this policy along with “Active write back.” Registry entries that are modified can be synchronized to the user store in the middle of a session.

If you do not configure this setting here, the value from the .ini file is used.

If you do not configure this setting here or in the .ini file, the active write back registry is disabled.

Enable multi-session write-back for FSLogix Profile Container

Profile Management provides a solution to save changes in multi-session scenarios for FSLogix Profile Container. If the same user launches multiple sessions on different machines, changes made in each session are synchronized and saved to FSLogix Profile Container. You can use the multi-session write-back feature by implementing the Enable multi-session write-back for FSLogix Profile Container policy. If the policy is not configured here or in the .ini file, the default value (Disabled) is used.

Offline profile support

Lets you enable the offline profile feature. This feature allows profiles to synchronize with the user store at the earliest opportunity.

This feature aims at laptop or mobile device users who roam. When a network disconnection occurs, profiles remain intact on the laptop or device even after rebooting or hibernating. As mobile users start sessions, their profiles are updated locally. Profile Management synchronizes their profiles with the user store only after the network connection restores.

If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, offline profiles are disabled.

Profile Management\Folder Redirection (User Configuration)

Lets you specify whether to redirect folders that commonly appear in profiles and specify the redirection target. Specify targets as UNC paths (for server shares or DFS namespaces) or as paths relative to users’ home directory. The home directory is typically configured with the #homeDirectory# attribute in the Active Directory.

If a policy is not configured here, Profile Management does not redirect the specified folder.

Note: When you use UNC paths for folder redirection, the #homedirectory# variable is not supported. After you choose the Redirect to the user’s home directory policy, you do not need to specify the path.

The Redirect <folder-name> folder policy lets you specify how to redirect the <folder-name> folder. To do so, select Enabled and then type the redirected path.

Caution: Potential data loss might occur.

You might want to modify the path after the policy takes effect. However, consider potential data loss before you do so. The data contained in the redirected folder might be deleted if the modified path points to the same location as the previous path.

For example, suppose you specify the Contacts path as path1. Later, you change path1 to path2. If path1 and path2 point to the same location, all data contained in the redirected folder is deleted after the policy takes effect.

To avoid potential data loss, complete the following steps:

  1. Apply Microsoft policy to machines where Profile Management is running through Active Directory Group Policy Objects. To do so, open the Group Policy Management Console, navigate to Computer Configuration > Administrative Templates > Windows Components > File Explorer, and then enable Verify old and new Folder Redirection targets point to the same share before redirecting.
  2. If applicable, apply hotfixes to machines where Profile Management is running. For details, see https://support.microsoft.com/en-us/help/977229 and https://support.microsoft.com/en-us/help/2799904.

Profile Management\Profile handling

Delete locally cached profiles on logoff

Specifies whether locally cached profiles are deleted after logoff.

If this policy is enabled, a user’s local profile cache is deleted after they have logged off. This setting is recommended for terminal servers. If this policy is disabled, cached profiles are not deleted.

Note: You can control when profiles are deleted at logoff using Delay before deleting cached profiles. If Delete locally cached profiles on logoff is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, cached profiles are not deleted.

Delay before deleting cached profiles

Lets you specify an optional extension to the delay before locally cached profiles are deleted on logoff. Extending the delay is useful if you know that a process keeps files or the user registry hives open during logoff. With large profiles, this setup can also speed up logoff.

A value of 0 deletes the profiles immediately, at the end of the logoff process.

Profile Management checks for logoffs every minute. A value of 60 ensures that profiles are deleted between one and two minutes after user logoffs depending on when the last check takes place.

Important: This policy works only if Delete locally cached profiles on logoff is enabled. If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, profiles are deleted immediately.

Migration of existing profiles

Lets you specify Profile Management migrate which types of user profiles if the user store is empty.

Profile Management can migrate existing profiles “on the fly” during logon if the user has no profile in the user store. Select Roaming if you are migrating roaming profiles or Remote Desktop Services profiles.

The following event takes place during logons. If the user has a Windows profile instead of a Citrix user profile in the user store, Profile Management migrates the Windows profile to the user store. After this process, Profile Management uses the user store profile in the current and other sessions that are configured with the path to the same user store.

If this setting is enabled, profile migration can be activated for roaming and local profiles (the default), roaming profiles only, local profiles only. Or profile migration can be disabled altogether.

If this policy is disabled and no Citrix user profile exists in the user store, the existing Windows mechanism for creating profiles is used.

If profile migration is disabled and no Citrix user profile exists in the user store, the existing Windows mechanism for creating profiles is used.

If this policy is not configured here, the value from the .ini file is used.

If this policy is not configured here or in the .ini file, Profile Management migrates existing local and roaming profiles to the user store.

Automatic migration of existing application profiles

This setting enables or disables the automatic migration of existing application profiles across different operating systems. The application profiles include both the application data in the AppData folder and the registry entries under HKEY_CURRENT_USER\SOFTWARE. This setting can be useful in cases where you want to migrate your application profiles across different operating systems.

For example, suppose you upgrade your operating system (OS) from Windows 10 version 1803 to Windows 10 version 1809. If this setting is enabled, Profile Management automatically migrates the existing application settings to Windows 10 version 1809 the first time each user logs on. As a result, the application data in the AppData folder and the registry entries under HKEY_CURRENT_USER\SOFTWARE are migrated.

If there are multiple existing application profiles, Profile Management performs the migration in the following order of priority:

  1. Profiles of the same OS type (single-session OS to single-session OS and multi-session OS to multi-session OS).
  2. Profiles of the same Windows OS family; for example, Windows 10 to Windows 10, or Windows Server 2016 to Windows Server 2016).
  3. Profiles of an earlier version of the OS; for example, Windows 7 to Windows 10, or Windows Server 2012 to Windows 2016.
  4. Profiles of the closest OS.

Note: You must specify the short name of the OS by including the variable !CTX_OSNAME! in the user store path. Doing so lets Profile Management locate the existing application profiles.

If this setting is not configured here, the setting from the .ini file is used.

If this setting is not configured here or in the .ini file, it is disabled by default.

Local profile conflict handling

This policy configures how Profile Management behaves if both a profile in the user store and a local Windows user profile (not a Citrix user profile) exist.

If this policy is disabled or set to the default value of Use local profile, Profile Management uses the local profile, but does not change it in any way. If this policy is set to Delete local profile, Profile Management deletes the local Windows user profile. And then imports the Citrix user profile from the user store. If this policy is set to Rename local profile, Profile Management renames the local Windows user profile (for backup purposes). And then imports the Citrix user profile from the user store.

If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, existing local profiles are used.

Template profile

Specifies the path to any profile you want to use as a template. This path is the full path to the folder containing the NTUSER.DAT registry file and any other folders and files required for the template profile.

Important: Ensure that you do not include NTUSER.DAT in the path. For example, with the file \myservername\myprofiles\template\ntuser.dat, set the location as \myservername\myprofiles\template. Use absolute paths, which can be UNC ones or paths on the local machine. You can use the latter, for example, to specify a template profile permanently on a Citrix Provisioning Services image). Relative paths are not supported.

This policy does not support expansion of Active Directory attributes, system environment variables, or the %USERNAME% and %USERDOMAIN% variables.

If this policy is disabled, templates are not used. If this policy is enabled, Profile Management uses the template instead of the local default profile when creating user profiles. If a user has no Citrix user profile, but a local or roaming Windows user profile exists, by default the local profile is used. And the local profile is migrated to the user store, if this policy is not disabled. This setup can be changed by enabling the Template profile overrides local profile or Template profile overrides roaming profile check box. Also, identifying the template as a Citrix mandatory profile means that, like Windows mandatory profiles, changes are not saved.

If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, no template is used.

Profile Management\Advanced settings

Number of retries when accessing locked files

Sets the number of retries when accessing locked files.

If this policy is disabled, the default value of five retries is used. If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, the default value is used.

Some deployments leave extra Internet cookies that Index.dat does not reference. The extra cookies left in the file system after sustained browsing can lead to profile bloat. This policy lets you enable Profile Management to force processing of Index.dat and remove the extra cookies. The policy increases logoff times, so only enable it if you experience this issue.

If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, no processing of Index.dat takes place.

Disable automatic configuration

Profile Management examines any Citrix Virtual Desktops environment, for example for the presence of personal vDisks, and configures Group Policy accordingly. Only Profile Management policies in the Not Configured state are adjusted, so any customizations you have made are preserved.

This policy lets you speed up deployment and simplifies optimization. You do not need to configure this policy. However, you can disable automatic configuration when doing one of the following:

  • Upgrading to retain settings from earlier versions
  • Troubleshooting

You can regard automatic configuration as a dynamic configuration checker that automatically configures the default policy settings according to environments at runtime. It eliminates the need to configure the settings manually. Runtime environments include:

  • Windows OS
  • Windows OS versions
  • Presence of Citrix Virtual Desktops
  • Presence of personal vDisks

Automatic configuration might change the following policies if the environment changes:

  • Active write back
  • Always cache
  • Delete locally cached profiles on logoff
  • Delay before deleting cached profiles
  • Profile streaming

See the following table for the default status of the preceding policies on different OSs:

  Multi-session OS Single-session OS
Active write back Enabled Disabled if Personal vDisk is in use; otherwise, enabled.
Always cache Disabled Disabled if Personal vDisk is in use; otherwise, enabled.
Delete locally cached profiles on logoff Enabled *Disabled if one of the following situations occurs: Personal vDisk is in use, Citrix Virtual Desktops is assigned, or Citrix Virtual Desktops is not installed. Otherwise, enabled.
Delay before deleting cached profiles 0 seconds 60 seconds if user changes are not persistent; otherwise, 0 seconds.
Profile streaming Enabled Disabled if Personal vDisk is in use; otherwise, enabled.

However, with automatic configuration disabled, all policies above default to Disabled.

To ensure that Start menu roaming works properly on Windows 10, Windows Server 2016, and Windows Server 2019, follow these steps:

  1. Enable automatic configuration or set the Disable automatic configuration policy to Enabled.
  2. Complete the configuration steps, as described in the Profile Management best practices article.

If this setting is not configured here, the value from the .ini file is used.

If this setting is not configured here or in the .ini file, automatic configuration is turned on. In this case, Profile Management settings might change if the environment changes.

Log off user if a problem is encountered

Lets you specify whether Profile Management logs off users if a problem is encountered.

If this policy is disabled or not configured, Profile Management gives a temporary profile to users if a problem is encountered. For example, the user store is unavailable.

If it is enabled, an error message is displayed and users are logged off. This setup can simplify troubleshooting of the problem.

If this setting is not configured here, the value from the .ini file is used.

If this setting is not configured here or in the .ini file, a temporary profile is provided.

Customer Experience Improvement Program

By default, the Customer Experience Improvement Program is enabled to help improve the quality and performance of Citrix products by sending anonymous statistics and usage data.

If this setting is not configured here, the value from the .ini file is used.

Enable search index roaming for Outlook

Allow user-based Outlook search experience by automatically roaming Outlook search data along with user profile. This requires extra spaces in the user store to store search index for Outlook.

Log off and then log on again for this policy to take effect.

Outlook search index database – backup and restore

Lets you specify what Profile Management does during logon when the Enable search index roaming for Outlook policy is enabled.

If this policy is enabled, Profile Management backs up the search index database each time the database is mounted successfully on logon. Profile Management treats the backup as the good copy of the search index database. When an attempt to mount the search index database fails due to database corruption, Profile Management reverts the search index database to the last-known good copy.

Note: Profile Management deletes the previously saved backup after a new backup is saved successfully. The backup consumes the available VHDX storage.

Enable multi-session write-back for profile containers

Enables write-back for profile containers in multi-session scenarios. If enabled, changes in all sessions are written back to profile containers. Otherwise, only changes in the first session are saved because only the first session is in read/write mode in profile containers. Citrix Profile Management profile containers are supported starting with Citrix Profile Management 2103. FSLogix Profile Container is supported starting with Citrix Profile Management 2003.

To use this policy for FSLogix Profile Container, ensure that the following prerequisites are met:

  • The FSLogix Profile Container feature is installed and enabled.
  • The profile type is set to Try for read-write profile and fallback to read-only in FSLogix.

Replicate user stores

Lets you replicate a user store to multiple paths upon each logon and logoff - in addition to the path that the Path to user store policy specifies. To synchronize to the user stores files and folders modified during a session, enable active write back. This feature does not currently support full container solutions. Enabling the policy can increase system I/O and might prolong logoffs.

Enable credential-based access to user stores

Lets you enable credential-based access to user stores.

By default, Citrix Profile Management impersonates the current user to access user stores. The current user must have permission to access the user stores. In some use cases, you put user stores in a storage repository (for example, Azure Files) that the current user has no permission to access. In those cases, enable this policy to let Profile Management access the user stores by using the credentials of the storage repository.

To ensure that Profile Management can access user stores, save the profile storage server’s credentials in Workspace Environment Management (WEM) or Windows Credential Manager. We recommend that you use Workspace Environment Management to eliminate the need of configuring the same credentials for each machine running Profile Management. If you use the Windows Credential Manager, use the Local System account to securely save the credentials.

Note:

To ensure that NTFS permissions are retained, you must put the entire profile in a profile container.

If this setting is not configured here, the value from the .ini file is used. If this setting is configured neither here nor in the .ini file, it is disabled by default.

Profile Management\Log settings

Enable logging

This policy enables or disables logging. Only enable this policy if you are troubleshooting Profile Management.

If this policy is disabled, only errors are logged. If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, only errors are logged.

Log settings

Lets you select which events or actions Profile Management logs. Select them all only if you are requested to do so by Citrix personnel.

If the policy is not configured here, Profile Management uses the values from the .ini file.

If the policy is not configured here or in the .ini file, errors and general information are logged.

The check boxes for this policy correspond to the following settings in the .ini file: LogLevelWarnings, LogLevelInformation, LogLevelFileSystemNotification, LogLevelFileSystemActions, LogLevelRegistryActions, LogLevelRegistryDifference, LogLevelActiveDirectoryActions, LogLevelPolicyUserLogon, LogLevelLogon, LogLevelLogoff, and LogLevelUserName.

Maximum size of the log file

The default value for the maximum size of the Profile Management log file is 10 MB. If you have sufficient disk space, increase it. If the log file grows beyond the maximum size, an existing backup of the file (.bak) is deleted. The log file is renamed to .bak and a new log file is created. The log file is created in %SystemRoot%\System32\Logfiles\UserProfileManager.

If this policy is disabled, the default value of 10 MB is used. If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, the default value is used.

Path to log file

Lets you configure an alternative path to store the log files.

The path can point to a local drive or a network-based one (a UNC path):

  • Remote drives are recommended in large, distributed environments. However, they can create significant network traffic, which might not be appropriate for log files.
  • Local drives are often used in provisioned, virtual machines with a persistent hard drive.

This setting ensures that log files are preserved when the machine restarts. For virtual machines without a persistent hard drive, setting a UNC path allows you to retain the log files. But the system account for the machines must have write access to the UNC share. Use a local path for any laptops managed by the offline profiles feature.

If a UNC path is used for log files, Citrix recommends that you apply an appropriate access control list to the log file folder. Access control ensures that only authorized user or computer accounts can access the stored files.

Examples:

  • D:\LogFiles\ProfileManagement.
  • \server\LogFiles\ProfileManagement

If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, the default location %SystemRoot%\System32\Logfiles\UserProfileManager is used.

Profile Management\Profile container settings

Profile container

Large folders associated with a user profile result in a slow logon. Citrix Profile Management provides a VHDX-based profile solution that lets you specify the folders to be contained in the profile disk (VHDX files). This solution reduces logon times by mapping the specified folders to the profile disk that is stored on the network. The profile container attaches the profile disk containing those folders during logon, thus eliminating the need to save a copy of the folders to the local profile. Doing so decreases logon times.

Enable local caching for profile containers

This policy enables local caching support for Citrix Profile Management profile containers. With the policy set to Enabled, each local profile serves as a local cache of its Citrix Profile Management profile container. If profile streaming is in use, locally cached files are created on demand. Otherwise, they are created during user logons. To use the local caching feature, put an entire user profile in its Citrix Profile Management profile container.

Folders to exclude from profile container

List of folders to exclude from a Citrix Profile Management profile container.

Note:

Wildcards are not supported.

Folders to include in profile container

List of folders to keep in a Citrix Profile Management profile container when their parent folders are excluded.

Folders on this list must be subfolders of the excluded folders. Otherwise, this setting does not work.

Note:

Wildcards are not supported.

Disabling this setting has the same effect as enabling it and configuring an empty list.

Profile Management\Registry

Exclusion list

List of registry keys in the HKCU hive which are ignored during logoff.

Example: Software\Policies

If this policy is disabled, no registry keys are excluded. If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, no registry keys are excluded.

Inclusion list

List of registry keys in the HKCU hive that are processed during logoff.

Example: Software\Adobe.

If this policy is enabled, only keys on this list are processed. If this policy is disabled, the complete HKCU hive is processed. If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, all of HKCU is processed.

Enable Default Exclusion List - Profile Management 5.5

Default list of registry keys in the HKCU hive that are not synchronized to the user’s profile. Use this policy to specify GPO exclusion files without having to fill them in manually.

If you disable this policy, Profile Management does not exclude any registry keys by default. If you do not configure this policy here, Profile Management uses the value from the .ini file. If you do not configure this policy here or in the .ini file, Profile Management does not exclude any registry keys by default.

NTUSER.DAT backup

Enables a backup of the last known good copy of NTUSER.DAT and rollback if there is corruption.

If you do not configure this policy here, Profile Management uses the value from the .ini file. If you do not configure this policy here or in the .ini file, Profile Management does not back up NTUSER.DAT.

Profile Management\File system

Exclusion list - files

List of files that are ignored during synchronization. File names must be paths relative to the user profile (%USERPROFILE%). Wildcards are allowed and are applied recursively.

Examples:

  • Desktop\Desktop.ini ignores the file Desktop.ini in the Desktop folder
  • %USERPROFILE%*.tmp ignores all files with the extension .tmp in the entire profile
  • AppData\Roaming\MyApp*.tmp ignores all files with the extension .tmp in one part of the profile

If this policy is disabled, no files are excluded. If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, no files are excluded.

Enable Default Exclusion List - directories

Default list of directories ignored during synchronization. Use this policy to specify GPO exclusion directories without having to fill them in manually.

If you disable this policy, Profile Management does not exclude any directories by default. If you do not configure this policy here, Profile Management uses the value from the .ini file. If you do not configure this policy here or in the .ini file, Profile Management does not exclude any directories by default.

Exclusion list - directories

List of folders that are ignored during synchronization. Folder names must be specified as paths relative to the user profile (%USERPROFILE%).

Example:

  • Desktop ignores the Desktop folder in the user profile

If this policy is disabled, no folders are excluded. If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, no folders are excluded.

Logon Exclusion Check

Lets you specify what Profile Management does if a profile in the user store contains excluded files or folders.

If this setting is disabled or set to the default value of Synchronize excluded files or folders on logon, Profile Management synchronizes those excluded files or folders from the user store to the local profile when a user logs on.

If this setting is set to “Ignore excluded files or folders on logon,” Profile Management ignores the excluded files or folders in the user store on user logon.

If this setting is set to “Delete excluded files or folder on logon,” Profile Management deletes the excluded files or folders in the user store on user logon.

If this setting is not configured here, the value from the .ini file is used.

If this setting is not configured here or in the .ini file, Profile Management synchronizes excluded files or folders from the user store to the local profile.

Lets you specify the files that are created as symbolic links. This setting is used to improve logon performance and to process large-size files.

You can use wildcards in policies that refer to files; for example, !ctx_localappdata!\Microsoft\Outlook*.OST.

To process the offline folder file (*.ost) of Microsoft Outlook, make sure that the Outlook folder is not excluded for Profile Management.

Those files cannot be accessed in multiple sessions simultaneously.

Profile Management\File system\Synchronization

Directories to synchronize

Profile Management synchronizes each user’s entire profile between the system it is installed on and the user store. It is not necessary to include subfolders of the user profile by adding them to this list.

Paths on this list must be relative to the user profile.

Example:

  • Desktop\exclude\include ensures that the subfolder called include is synchronized even if the folder called Desktop\exclude is not

Disabling this policy has the same effect as enabling it and configuring an empty list.

If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, only non-excluded folders in the user profile are synchronized.

Files to synchronize

Profile Management synchronizes each user’s entire profile between the system it is installed on and the user store. It is not necessary to include files in the user profile by adding them to this list.

This policy can be used to include files in excluded folders. Paths on this list must be relative to the user profile. Wildcards can be used but are only allowed for file names. Wildcards cannot be nested and are applied recursively.

Examples:

  • AppData\Local\Microsoft\Office\Access.qat specifies a file in a folder that is excluded in the default configuration
  • AppData\Local\MyApp*.cfg specifies all files with the extension .cfg in the profile folder AppData\Local\MyApp and its subfolders

Disabling this policy has the same effect as enabling it and configuring an empty list.

If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, only non-excluded files in the user profile are synchronized.

Folders to mirror

This policy can help solve issues involving any transactional folder (also known as a referential folder). That folder contains interdependent files, where one file references other files.

Mirroring folders allows Profile Management to process a transactional folder and its contents as a single entity, avoiding profile bloat.

For example, you can mirror the Internet Explorer cookies folder so that Index.dat is synchronized with the cookies that it indexes. In these situations, the “last write wins.” So files in mirrored folders that have been modified in more than one session are overwritten by the last update, resulting in loss of profile changes.

Let’s consider how Index.dat references cookies while a user browses the Internet. For example, a user has two Internet Explorer sessions, each on a different server, and they visit different sites in each session. Cookies from each site are added to the appropriate server.

When one of the following situations occurs, the cookies from the second session must replace those cookies from the first session:

  • The user logs off from the first session
  • In the middle of a session if the active write back feature is configured,

However, instead they are merged, and the references to the cookies in Index.dat become out of date. Further browsing in new sessions results in repeated merging and a bloated cookie folder.

Mirroring the cookie folder solves the issue by overwriting the cookies with those cookies from the last session each time the user logs off. So Index.dat stays up-to-date.

If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, no folders are mirrored.

Accelerate folder mirroring

With both this policy and the Folders to mirror policy enabled, Profile Management stores mirrored folders on a VHDX-based virtual disk. It attaches the virtual disk during logons and detaches it during logoffs. Enabling this policy eliminates the need to copy the folders between the user store and local profiles and accelerates folder mirroring.

Profile container

A profile container is a VHDX-based profile solution that lets you specify the folders to be contained in the profile disk. The profile container attaches the profile disk containing those folders, thus eliminating the need to save a copy of the folders to the local profile. Doing so decreases logon times.

To use a profile container, enable this policy and add the relative paths of the folders to the list. We recommend that you include the folders containing large cache files to the list. For example, add the Citrix Files content cache folder to the list: AppData\Local\Citrix\Citrix Files\PartCache.

There are two scenarios to be aware of:

  • Profile container does not support simultaneous access by multiple sessions.
  • Profile container does not support containing the entire profile.

If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, it is disabled.

Profile Management\Streamed user profiles

Profile streaming

Lets you enable the profile streaming feature. With this feature enabled, files and folders in a profile are fetched from the user store to the local computer only when they are needed. Registry entries and any files in the pending area are exceptions. They are fetched immediately.

If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, it is disabled.

Always cache

Optionally, to enhance the user experience, use this policy with the Profile streaming policy.

This setting imposes a lower limit on the size of files that are streamed. Any file this size or larger is cached locally as soon as possible after logon. To use the cache entire profile feature, set this limit to zero (which fetches all the profile contents as a background task).

If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, it is disabled.

Timeout for pending area lock files

Lets you specify a timeout period (days) that frees up users’ files. When the timeout occurs, users’ files are written to the user store from the pending area if the user store remains locked when a server becomes unresponsive. Use this policy to prevent bloat in the pending area and to ensure that the user store always contains the most up-to-date files.

If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, the default value of one day is used.

Streamed user profile groups

This policy streams the profiles of a subset of Windows user groups in the OU. The profiles of users in all other groups are not streamed.

If this policy is disabled, all user groups are processed. If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, all users are processed.

Profile Streaming Exclusion list - directories

Lets you specify the folders that Profile Streaming ignores. Folder names must be specified as paths relative to the user profile.

Examples: Entering Desktop ignores the Desktop directory in the user profile.

If this setting is disabled, no folders are excluded.

If this setting is not configured here, the value from the .ini file is used.

If this setting is not configured here or in the .ini file, no folders are excluded.

Note:

Profile Streaming exclusions do not indicate that the configured folders are excluded from profile handling. Citrix Profile Management still processes them.

Profile Management\Cross-platform settings

Enable cross-platform settings

By default, to facilitate deployment, cross-platform settings are disabled. Turn on processing by enabling this policy but only after thorough planning and testing of this feature.

If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, no cross-platform settings are applied.

Cross-platform settings user groups

Enter one or more Windows user groups. For example, you might use this policy to process only the profiles from a test user group. If this policy is configured, the cross-platform settings feature of Profile Management processes only members of these user groups. If this policy is disabled, the feature processes all the users specified by the Processed groups policy.

If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, all user groups are processed.

Path to cross-platform definitions

Identifies the network location of the definition files that you copied from the download package. This path must be a UNC path. Users must have read access to this location, and administrators must have write access to it. The location must be a Server Message Block (SMB) or Common Internet File System (CIFS) file share.

If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, no cross-platform settings are applied.

Path to cross-platform settings store

Sets the path to the cross-platform settings store, the folder in which users’ cross-platform settings are saved. Users must have write access to this area. The path can be an absolute UNC path or a path relative to the home directory.

This area is the common area of the user store where profile data shared by multiple platforms is located. Users must have write access to this area. The path can be an absolute UNC path or a path relative to the home directory. You can use the same variables as for Path to user store.

If this policy is disabled, the path Windows\PM_CP is used. If this policy is not configured here, the value from the .ini file is used. If this policy is not configured here or in the .ini file, the default value is used.

Source for creating cross-platform settings

Lets you specify a platform as the base platform if this policy is enabled in that platform’s OU. This policy migrates data from the base platform’s profiles to the cross-platform settings store. By default this policy is disabled.

Each platform’s own set of profiles are stored in a separate OU. Decide you want to use which platform’s profile data as the base platform to seed the cross-platform settings store.

When one of the following situations occurs, Profile Management only migrates the data from the single-platform profile to the store if you enable this policy.

  • The cross-platform settings store contains a definition file with no data.
  • The cached data in a single-platform profile is newer than the definition’s data in the store.

Important:

If this policy is enabled in multiple OUs, user objects, or machine objects, the platform that the first user logs on to become the base profile.

Profile Management\Citrix Virtual Apps Optimization settings

Enable Citrix Virtual Apps Optimization

When you enable this feature, only the settings specific to the published applications a user launches or exits are synchronized.

If this setting is not configured here, the value from the .ini file is used.

If this setting is not configured here or in the .ini file, no Citrix Virtual Apps optimization settings are applied.

Path to Citrix Virtual Apps optimization definitions

This policy lets you specify a folder where the Citrix Virtual Apps optimization definition files are located.

If this setting is not configured here, the value from the .ini file is used.

If this setting is not configured here or in the .ini file, no Citrix Virtual Apps optimization settings are applied.

Note:

The folder can be local or it can reside on an SMB file share.